SEASONAL REDUCTIONS NOW ON - UP TO 40% OFF

Privacy and Security

INTRODUCTION

Your privacy is of the highest importance to us, and as such we promise never to release your personal details to any third party for marketing purposes. We'd love you to be among the first to receive news and exciting offers about our products and services. We do this in a variety of ways but only if you would like us to.  Your privacy is very important to us which is why we make sure you're always in control of what we do with your personal information.

This is our simple customer contact promise:

  • We'll never pass your personal details to third parties for them to use for their own marketing purposes.
  • We'll only ever use your details to help you make the most of what we have to offer.

This Privacy Policy explains how we (Stonemanor Limited, trading as Apricot) collect, use, and disclose any personal data that we may hold about visitors to our website (the "Website"), our customers, our business contacts and other third parties with whom we may interact from time to time ("you" and "your").

For the purposes of this Privacy Policy, "Data Protection Legislation" means UK Data Protection Act, Privacy and Electronic Communications Regulations, UK General Data Protection Regulation and any other applicable legislation concerning the processing of personal data.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Privacy Policy regularly, and/or whenever you access the Website, or purchase any other Product (as defined in our Terms of Service) (together, the "Services") or otherwise interact with us, so that you stay informed about our information practices and the choices available to you with respect to your privacy.

 

COLLECTION OF INFORMATION

Information You Provide to Us

When you register to receive our newsletter, make a wish list, go all or part-way through the process of placing an order, request information, send us feedback or complete surveys, we ask you to provide certain information, such as your name, e-mail address, billing address, delivery address and telephone number.  If you are placing an order and are making a payment we will also require payment information, which will be processed by our payment processing merchant. We do not retain your credit or debit card details. You can choose to tell us your date of birth so that we can send you offers and promotions around your birthday and so that we can tailor our marketing to you.

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can.

Information about Your Use of the Website

  • Usage Information

We collect information about your use of our Website, such as the search terms you enter, the pages you visit within our Website, and the links you click on.

  • Automatically Collected Information

When you access or use our Website, we may automatically collect information about you, including:

  • Log Information: We collect log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our Services.
  • Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers, and mobile network information.
  • Location Information: Where your device permits collection of location data, we may collect information about the general location of your device (county or country level.

For more information about cookies and how to enable or disable them, please see our Cookies Policy here.

Social Sharing information

The Website may offer social sharing features and other integrated tools, which let you share actions you take on our Website with other media, and vice versa.  Your use of such features enables the sharing of information with your friends or the public, depending on the settings you establish with the entity that provides the social sharing feature.

Please note that where a social media provider may carry out these processes, that provider is also a controller of your personal data.  For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the entities that provide these features.

USE OF INFORMATION

We use the information we collect to provide, maintain, and improve our Services and Website and to administer our business. We use your personal data only for the following purposes:

Purpose

Explanation

Legal Basis

Processing your order.

 

We need to use your personal data to ensure you have visibility of the progress of your order, to deliver your order to you and to take payment.

Performance of contract.

For statistical or survey purposes

This is to improve our Website and the services we offer.

Legitimate interest.

To administer our Website and serve content to you.

We use your usage information to improve our Website and services and to serve you relevant content on the Website (e.g. using your location to ensure you see the correct delivery and pricing information).

Legitimate interest

To provide customer services

We use your information in order to respond to your queries and communications. We also use some of our communications with you for training purposes.

Legitimate interest

To send you digital marketing communications.

We will send you messages about products, services, promotions and new additions to our Website that may be of interest to you on channels where you have consented to receive them or through which we have had contact with you.

Legitimate interest (or consent)
To personalise your experience

We may collate and analyse personal data in order to create customer profiles to provide you with more relevant content and to assess and improve our Website and Services. If you wish to opt-out of such profiling, please contact us (see 'Contact Information' below).

Legitimate interest

 

 

LEGAL BASES FOR PROCESSING

We will process your personal data on the following legal bases under Data Protection Legislation:

  1. Legitimate Interest
  • Where processing such information is in our or a third party's legitimate interests and they are not overridden by your interests.
  • Please be aware that you have the right to object to any of the above processing of data for legitimate interests.
  1. Contract
  • Where it is necessary for the performance of our contract with you or to take steps requested by you prior to entering into a contract – for example to process payments when you order a Product, or provide services you have requested.
  1. Consent
  • Where we otherwise have your consent to do so – such as where you have subscribed to our newsletter.

 

HOW WE KEEP YOUR DATA SECURE

We use technical and organisational measures to safeguard your personal data - for example we use secure connections on our Website to ensure that your Website is encrypted. This means that we convert your data into a computer code, which will make it harder for hackers to access your data on our Website. Our systems which store our customer data apply good industry practice such as triple layer protection, multi-factor authentication and access controls.

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘Contact Information’ below).

 

SHARING OF INFORMATION

We need to share information about you for the purposes described in this Privacy Policy. Like any business, we use service providers to provide services to us such as website hosters, customer relationship management software, delivery suppliers. These service providers need access to your information to provide their services to us and they act as our processors. If you would like to know the names of our service providers. please contact us using the details blow (see 'Contact Information').

We also need to share information about you with other organisations in the following scenarios as follows. These organisations will be independent controllers so you should review their privacy notices:

  • In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including lawful requests by public authorities to meet national security or law enforcement requirements;
  • If we believe your actions are inconsistent with our user agreements or policies, or to protect our and/or others' rights, property and safety;
  • In connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business by another company; and
  • With your consent or at your direction.

 

DATA RETENTION

We store the information we collect about you for as long as is necessary for the purpose(s) for which we originally collected it. Once we no longer have a legal basis to hold it, we will anonymise or delete it. The table below provides details about how long we will process your data:

Data we process

How long this will be held for

All customer personal data connected with transactions

7 years after a customer's last purchase

 

 

INTERNATIONAL TRANSFERS OF INFORMATION

The data we collect from you may be transferred to, and stored at, a destination outside of the UK and the European Economic Area ("EEA") if our suppliers are based in other countries or have operations there. Any transfer of your data will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms. If you want to know more about how data is transferred, please contact us using the details below (see 'Contact Information').

 

YOUR RIGHTS

As a data subject, you have the following rights under the Data Protection Laws:

  • the right to object to processing of your personal data;
  • the right of access to personal data relating to you (known as data subject access request);
  • the right to correct any mistakes in your information;
  • the right to ask us to stop contacting you with direct marketing;
  • the right to prevent your personal data being processed;
  • the right to have your personal data ported to another controller;
  • the right to withdraw your consent;
  • the right to erasure; and
  • rights in relation to automated decision making.

These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see "Contact Information").

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

  1. Right to object to processing of your personal data

You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.

If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed "Legal Bases for Processing".

  1. Right to access personal data relating to you

You may ask to see what personal data we hold about you and be provided with:

  • a copy of the personal data;
  • details of the purpose for which the personal data is being or is to be processed;
  • details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers;
  • the period for which the personal data is held (or the criteria we use to determine how long it is held);
  • any information available about the source of that data; and
  • whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.

  1. Right to correct any mistakes in your information

You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.

  1. Right to restrict processing of personal data

You may request that we stop processing your personal data temporarily if:

  • you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
  • the processing is unlawful but you do not want us to erase your data;
  • we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
  • you have objected to processing because you believe that your interests should override our legitimate interests.
  1. Right to data portability

You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.

  1. Right to withdraw consent

You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.

  1. Right to erasure

You can ask us to erase your personal data where:

 

  • you do not believe that we need your data in order to process it for the purposes set out in this Privacy Policy;
  • if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
  • you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
  • your data has been processed unlawfully or have not been erased when it should have been.
  1. Rights in relation to automated decision making

You have the right to have any decision that has been made by automated means and which has a significant effect on you reviewed by a member of staff and we will consider any objections you have to the decision that was reached.

What will happen if your rights are breached?

You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

QUESTIONS OR COMPLAINTS

If you have a question or concern about our processing of personal data, or if you do not think that we have processed your data in accordance with this notice, we ask that you let us know as soon as possible by contacting us on the details below.  You also have the right to lodge a complaint with the Information Commissioner's Office (the "ICO"). Information about how to do this is available at www.ico.org.uk).

 

CONTACT INFORMATION

If you have any questions about this Privacy Policy, the information we hold about you, or if you would like this notice in another format (for example: audio, large print, braille), please contact our Privacy Manager at dataofficer@apricotonline.co.uk.

 

Last updated: February 2024

About Apricot

HELP & SUPPORT